Date: Wed, 26 May 2004 13:59:16 -0700 (PDT) From: Buzz Slye <buzz@gaia.arc.nasa.gov> To: freebsd-firewire@freebsd.org Subject: Quadlet read/write bug Message-ID: <Pine.GSO.4.58.0405261357400.2183@mono.arc.nasa.gov>
next in thread | raw e-mail | index | archive | help
A temporary fix to the asyncronous read and write cases of fw_ioctl for a req.len = 16 is (fwdev.c line 595): int tc; ..... /* copy response */ tc = xfer->recv.hdr.mode.hdr.tcode; tinfo = &sc->fc->tcode[tc]; if (tc == FWTCODE_RRESQ || tc == FWTCODE_WRES) asyreq->req.len = xfer->recv.pay_len; else if (asyreq->req.len >= xfer->recv.pay_len + tinfo->hdr_len) asyreq->req.len = xfer->recv.pay_len; else err = EINVAL; The above will work for rreqq and wreqq, but I didn't look at the other cases. Note that for the read request response, the payload length is 4, but the header length is 16. This adds up to 20 which doesn't work for req.len=16. The response header should be 12 maybe, if the payload is 4 ? For the write request response, the payload length is 4096, but there really isn't any payload returned. Returning req.len=4096 isn't good, but if the application doesn't check it, it certainly beats returning EINVAL. R. E. Slye NASA/Ames
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.4.58.0405261357400.2183>